[Freeipa-users] kinit admin not working anymore (LOCKED_OUT: Clients credentials have been revoked)

Thu, 03 Sep 2015 02:14:26 -0700 

Dear all,

I cannot get an "admin" kerberos token anymore on our main IPA server:

[root@ipa log]# kinit admin
kinit: Clients credentials have been revoked while getting initial
credentials

Sep 03 11:02:30 ipa.pleiades.uni-wuppertal.de krb5kdc[1351](info):
AS_REQ (6 etypes {18 17 16 23 25 26}) 132.195.124.12: LOCKED_OUT:
ad...@pleiades.uni-wuppertal.de for
krbtgt/pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de, Clients
credentials have been revoked

also login via HTTP is not possible anymore:

Sep 03 11:04:52 ipa.pleiades.uni-wuppertal.de krb5kdc[1351](info):
AS_REQ (6 etypes {18 17 16 23 25 26}) 132.195.124.12: NEEDED_PREAUTH:
HTTP/ipa.pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de for
krbtgt/pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de, Additional
pre-authentication required
Sep 03 11:04:52 ipa.pleiades.uni-wuppertal.de krb5kdc[1351](info):
closing down fd 11
Sep 03 11:04:52 ipa.pleiades.uni-wuppertal.de krb5kdc[1351](info):
AS_REQ (6 etypes {18 17 16 23 25 26}) 132.195.124.12: ISSUE: authtime
1441271092, etypes {rep=18 tkt=18 ses=18},
HTTP/ipa.pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de for
krbtgt/pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de
Sep 03 11:04:52 ipa.pleiades.uni-wuppertal.de krb5kdc[1351](info):
closing down fd 11
Sep 03 11:04:52 ipa.pleiades.uni-wuppertal.de krb5kdc[1351](info):
AS_REQ (6 etypes {18 17 16 23 25 26}) 132.195.124.12: LOCKED_OUT:
ad...@pleiades.uni-wuppertal.de for
krbtgt/pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de, Clients
credentials have been revoked

while the same works on the secondary server.

I read

http://web.mit.edu/kerberos/krb5-devel/doc/admin/lockout.html

but this did not give me a clue how to get out of this.

I am pretty sure that I never entered a wrong password, but of course
someone could have tried to log in on the Web interface.

Any idea how this can be resolved?

Kind regards

  Torsten

-- 
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
<>                                                              <>
<> Dr. Torsten Harenberg     harenb...@physik.uni-wuppertal.de  <>
<> Bergische Universitaet                                       <>
<> FB C - Physik             Tel.: +49 (0)202 439-3521          <>
<> Gaussstr. 20              Fax : +49 (0)202 439-2811          <>
<> 42097 Wuppertal                                              <>
<>                                                              <>
<><><><><><><>< Of course it runs NetBSD http://www.netbsd.org ><>

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to